Mercurial > hg > nginx-tests

annotate ssl_proxy_protocol.t @ 1585:bff287fbf347

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: added proxy_cookie_domain/path tests with "off" parameter.
author Sergey Kandaurov <pluknet@nginx.com>
date Thu, 23 Jul 2020 12:17:39 +0300
parents dbce8fb5f5f8
children cdcd75657e52
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
603
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
1 #!/usr/bin/perl
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
2
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
3 # (C) Sergey Kandaurov
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
4 # (C) Nginx, Inc.
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
5
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
6 # Tests for http ssl module with haproxy protocol.
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
7
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
8 ###############################################################################
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
9
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
10 use warnings;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
11 use strict;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
12
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
13 use Test::More;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
14
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
15 use Socket qw/ CRLF /;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
16
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
17 BEGIN { use FindBin; chdir($FindBin::Bin); }
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
18
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
19 use lib 'lib';
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
20 use Test::Nginx;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
21
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
22 ###############################################################################
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
23
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
24 select STDERR; $| = 1;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
25 select STDOUT; $| = 1;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
26
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
27 eval { require IO::Socket::SSL; };
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
28 plan(skip_all => 'IO::Socket::SSL not installed') if $@;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
29 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
30 plan(skip_all => 'IO::Socket::SSL too old') if $@;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
31
1170
cf14cfe9ec8c Tests: dropped obsolete ipv6 prerequisite.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1168
diff changeset
32 my $t = Test::Nginx->new()->has(qw/http http_ssl access realip/)
603
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
33 ->has_daemon('openssl');
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
34
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
35 $t->write_file_expand('nginx.conf', <<'EOF')->plan(18);
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
36
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
37 %%TEST_GLOBALS%%
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
38
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
39 daemon off;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
40
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
41 events {
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
42 }
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
43
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
44 http {
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
45 %%TEST_GLOBALS_HTTP%%
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
46
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
47 log_format pp '$remote_addr $request';
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
48
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
49 server {
974
882267679006 Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 952
diff changeset
50 listen 127.0.0.1:8080 proxy_protocol ssl;
603
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
51 server_name localhost;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
52
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
53 ssl_certificate_key localhost.key;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
54 ssl_certificate localhost.crt;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
55
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
56 set_real_ip_from 127.0.0.1/32;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
57 add_header X-IP $remote_addr;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
58 add_header X-PP $proxy_protocol_addr;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
59
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
60 location /pp {
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
61 real_ip_header proxy_protocol;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
62 error_page 404 =200 /t1;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
63 access_log %%TESTDIR%%/pp.log pp;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
64
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
65 location /pp_4 {
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
66 deny 192.0.2.1/32;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
67 }
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
68 location /pp_6 {
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
69 deny 2001:DB8::1/128;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
70 }
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
71 }
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
72 }
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
73 }
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
74
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
75 EOF
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
76
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
77 $t->write_file('openssl.conf', <<EOF);
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
78 [ req ]
1488
dbce8fb5f5f8 Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1421
diff changeset
79 default_bits = 2048
603
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
80 encrypt_key = no
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
81 distinguished_name = req_distinguished_name
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
82 [ req_distinguished_name ]
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
83 EOF
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
84
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
85 my $d = $t->testdir();
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
86
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
87 foreach my $name ('localhost') {
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
88 system('openssl req -x509 -new '
1220
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1170
diff changeset
89 . "-config $d/openssl.conf -subj /CN=$name/ "
0af58b78df35 Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1170
diff changeset
90 . "-out $d/$name.crt -keyout $d/$name.key "
603
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
91 . ">>$d/openssl.out 2>&1") == 0
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
92 or die "Can't create certificate for $name: $!\n";
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
93 }
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
94
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
95 $t->write_file('t1', 'SEE-THIS');
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
96 $t->run();
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
97
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
98 ###############################################################################
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
99
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
100 my $tcp4 = 'PROXY TCP4 192.0.2.1 192.0.2.2 1234 5678' . CRLF;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
101 my $tcp6 = 'PROXY TCP6 2001:Db8::1 2001:Db8::2 1234 5678' . CRLF;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
102 my $unk1 = 'PROXY UNKNOWN' . CRLF;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
103 my $unk2 = 'PROXY UNKNOWN 1 2 3 4 5 6' . CRLF;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
104 my $r;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
105
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
106 # no realip, just PROXY header parsing
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
107
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
108 $r = pp_get('/t1', $tcp4);
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
109 like($r, qr/SEE-THIS/, 'tcp4 request');
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
110 like($r, qr/X-PP: 192.0.2.1/, 'tcp4 proxy');
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
111 unlike($r, qr/X-IP: 192.0.2.1/, 'tcp4 client');
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
112
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
113 $r = pp_get('/t1', $tcp6);
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
114 like($r, qr/SEE-THIS/, 'tcp6 request');
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
115 like($r, qr/X-PP: 2001:DB8::1/i, 'tcp6 proxy');
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
116 unlike($r, qr/X-IP: 2001:DB8::1/i, 'tcp6 client');
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
117
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
118 like(pp_get('/t1', $unk1), qr/SEE-THIS/, 'unknown request 1');
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
119 like(pp_get('/t1', $unk2), qr/SEE-THIS/, 'unknown request 2');
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
120
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
121 # realip
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
122
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
123 $r = pp_get('/pp', $tcp4);
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
124 like($r, qr/SEE-THIS/, 'tcp4 request realip');
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
125 like($r, qr/X-PP: 192.0.2.1/, 'tcp4 proxy realip');
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
126 like($r, qr/X-IP: 192.0.2.1/, 'tcp4 client realip');
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
127
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
128 $r = pp_get('/pp', $tcp6);
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
129 like($r, qr/SEE-THIS/, 'tcp6 request realip');
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
130 like($r, qr/X-PP: 2001:DB8::1/i, 'tcp6 proxy realip');
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
131 like($r, qr/X-IP: 2001:DB8::1/i, 'tcp6 client realip');
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
132
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
133 # access
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
134
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
135 $r = pp_get('/pp_4', $tcp4);
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
136 like($r, qr/403 Forbidden/, 'tcp4 access');
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
137
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
138 $r = pp_get('/pp_6', $tcp6);
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
139 like($r, qr/403 Forbidden/, 'tcp6 access');
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
140
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
141 # client address in access.log
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
142
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
143 $t->stop();
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
144
908
adf5671391ac Tests: use read_file subroutine in several tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents: 603
diff changeset
145 my $log = $t->read_file('pp.log');
603
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
146 like($log, qr!^192\.0\.2\.1 GET /pp_4!m, 'tcp4 access log');
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
147 like($log, qr!^2001:DB8::1 GET /pp_6!mi, 'tcp6 access log');
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
148
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
149 ###############################################################################
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
150
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
151 sub pp_get {
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
152 my ($url, $proxy) = @_;
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
153
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
154 my $s = http($proxy, start => 1);
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
155
1168
8821e405b91e Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
156 eval {
8821e405b91e Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
157 local $SIG{ALRM} = sub { die "timeout\n" };
8821e405b91e Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
158 local $SIG{PIPE} = sub { die "sigpipe\n" };
1421
4e48bf51714f Tests: aligned various generic read timeouts to http_end().
Sergey Kandaurov <pluknet@nginx.com>
parents: 1407
diff changeset
159 alarm(8);
1168
8821e405b91e Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
160 IO::Socket::SSL->start_SSL($s,
8821e405b91e Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
161 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
8821e405b91e Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
162 SSL_error_trap => sub { die $_[1] }
8821e405b91e Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
163 );
8821e405b91e Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
164 alarm(0);
8821e405b91e Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
165 };
8821e405b91e Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
166 alarm(0);
8821e405b91e Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
167
8821e405b91e Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
168 if ($@) {
8821e405b91e Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
169 log_in("died: $@");
8821e405b91e Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
170 return undef;
8821e405b91e Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents: 1116
diff changeset
171 }
603
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
172
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
173 return http(<<EOF, socket => $s);
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
174 GET $url HTTP/1.0
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
175 Host: localhost
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
176
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
177 EOF
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
178 }
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
179
cc722d0c557d Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff changeset
180 ###############################################################################